Check your S3 Storage Settings!

Psst, Your S3 is showing!

Your application security might not be as good as you think. S3 security breaches are in the news way too often. These breaches are not the result of sophisticated hacks, but simple misconfigurations akin to not locking your front door.

Having private moments exposed can be embarrassing. Leaving all your sensitive files open for all to view is more than embarrassing. It is a publicity nightmare with legal ramifications. More than ever, application security is critical for application development.

Cloud providers have great solutions for file storage – AWS S3, Google Cloud Storage and DigitalOcean Spaces. These tools offer unlimited storage of your files, fast access, and an affordable price. The systems use on-disk encryption and access over HTTPS.

With all these security features your files are safe and sound, right?

Maybe, maybe not. If your development team is not up to speed, they can press the ‘easy button’ and allow all your files to be publicly readable. Instead of properly implementing security, they rely on obscurity.

“There are millions of files on Amazon Web Services they will never find ours.” — said many embarrassed developers

Of course, your rockstar development team would never do that — right?

Obscurity never works for long. There are numerous public tools that scan Amazon for public S3 buckets with hidden data (e.g. DigiNinja Bucket Finder).

S3 leaks are not new but have been happening at an alarming rate recently.

Author: Scott White

Scott White is the Founder of Orange Robot and a fractional CTO. With 20 years of product development experience, he has built 7 products from idea to revenue in markets including defense, travel and the automotive space.